Enterprises have been building their wide area networks in the same way for the past 20 years. Private branch networks built largely around MPLS have been the norm, but this strategy is being completely upended today by the new technologies of software-defined wide area networks (SD-WAN).
More than a passing trend, SD-WAN is the way of the future. IDC estimated the SD-WAN market at $225 million in 2015 and projects it will reach $6 billion by 2020. One reason for the hockey-stick growth rate is that many regard SD-WAN as a transformative technology: it lets businesses do things they could not do before, such as open a pop-up branch or retail outlet overnight and take it down again after a few days of temporary but lucrative service.
Many enterprises today are capturing their requirements and working out how best to meet them. The latter step can be a real challenge because the market is evolving so rapidly. There are perhaps a dozen SD-WAN vendors whose architectures and underlying technologies are mature enough to support the requirements of a large distributed enterprise; many more are entering the market with nascent technologies that may not yet be ready for prime time.
Choosing the right strategy has long-term ramifications for any organization. Network architects must understand which features and functions will help them build the most robust yet flexible WAN architecture to support their business for the next decade or two. Toward that end, this article offers the SD-WAN Manifesto: a list of critical characteristics that are essential to building the new generation of SD-WAN. These are some of the most important features and functions a network architect should look for in an SD-WAN solution.
1. Zero-Touch Deployment and Automation
Zero-touch deployment means that a non-IT person onsite at the branch location can simply unpack the edge device, plug in the communication link(s), and plug in the power source. The device then auto-provisions with the proper policies and is completely ready to run. The benefits are that no IT person needs to visit the site to do the installation and setup, and the deployment can happen very quickly. Since the device will accept whatever policy it is handed, zero-touch provisioning is only as secure as the step in which the edge device and the orchestrator authenticate each other before the first policy download, so that step deserves close scrutiny in any evaluation.
The second part of this characteristic is automation, which differs depending on whether the implementation is being done by an end-user enterprise or by an intermediate service provider. From an enterprise perspective, automation refers to ICOM: installation, configuration, operations and management. All of those activities can be performed from a single dashboard that provides a consolidated view of all of the WAN's locations. When a branch is installed, the administrator brings up a profile from a template and assigns it to the branch, and the right policies are applied to that branch.
From a service provider's perspective, automation means that the orchestrator should expose REST APIs. This allows the service provider to tie the SD-WAN orchestrator into an upper-level orchestrator, so that the service company can drive each customer's business policy framework from its own orchestrator. The service provider can then install, configure, operate, and manage multiple customers' WANs through a single dashboard; because that one interface controls many customers, its API access should be authenticated and scoped per tenant.
2. Hybrid WAN Support
Hybrid WAN connects a geographically dispersed wide area network by sending traffic over two or more connection types, most often MPLS and internet. Some sites may instead have dual broadband connections, which are typically less reliable than having an MPLS link in the mix. The underlying SD-WAN technology should ensure good quality of experience regardless of connection type, so that traffic flows seamlessly between the links without loss of quality, even for applications such as voice or video. If one link is lost or experiences latency, jitter or packet loss, the other link can take over in sub-second time to meet the SLA.
3. Remediation/Repair of Private and Public Links
Some branches – a pop-up retail kiosk or a construction trailer, for example – might never have an MPLS connection and have only a 3G/4G LTE or best-effort internet link at their disposal. There might be one link or two. If there are two links and one experiences a problem, the WAN can steer traffic away from the problem link. However, if there is only one link and it experiences a problem such as loss or jitter, the SD-WAN should be able to remediate or repair the link itself to maintain a good quality of experience.
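The two behaviours described in sections 2 and 3 (steer traffic to a link that meets the application's SLA, and fall back to repairing the only link when nothing meets it) come down to a small path-selection routine. The following is an added example written for this article, not code from the original page or from any SD-WAN vendor. The SLA thresholds, the probe samples, the hysteresis margin and the "remediate" action (the article names no repair mechanism; forward error correction or packet duplication are the usual candidates) are all assumptions.

```python
"""Link-quality scoring and failover for a hybrid WAN edge (added example).

The edge probes each WAN link, scores it against a per-application SLA,
steers traffic to the best compliant link, and, when no link complies
(for example a single-link kiosk on LTE), falls back to remediating the
least-bad link. Thresholds and probe data below are assumptions."""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Sla:
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float


# Assumed SLA classes; real deployments tune these per application.
SLAS = {
    "voice": Sla(max_latency_ms=150, max_jitter_ms=30, max_loss_pct=1.0),
    "bulk": Sla(max_latency_ms=400, max_jitter_ms=100, max_loss_pct=5.0),
}


@dataclass
class LinkStats:
    name: str
    rtt_samples_ms: list  # probe round-trip times over the last window
    probes_sent: int
    probes_lost: int

    @property
    def latency_ms(self):
        return mean(self.rtt_samples_ms)

    @property
    def jitter_ms(self):
        # Population standard deviation of the RTT samples as a jitter proxy.
        return pstdev(self.rtt_samples_ms)

    @property
    def loss_pct(self):
        return 100.0 * self.probes_lost / self.probes_sent


def meets_sla(link, sla):
    return (link.latency_ms <= sla.max_latency_ms
            and link.jitter_ms <= sla.max_jitter_ms
            and link.loss_pct <= sla.max_loss_pct)


def sla_violation(link, sla):
    """Sum of how far each metric exceeds its SLA bound; 0.0 is compliant."""
    return (max(0.0, link.latency_ms / sla.max_latency_ms - 1)
            + max(0.0, link.jitter_ms / sla.max_jitter_ms - 1)
            + max(0.0, link.loss_pct / sla.max_loss_pct - 1))


def select_path(links, app, current=None, hysteresis=0.10):
    """Return (link_name, action) for application class ``app``.

    action is "steer" when some link meets the SLA, or "remediate" when
    none does and the edge must repair the least-bad link (assumed to be
    FEC or duplication; the article names no mechanism). ``current`` is
    the link in use: it is kept while compliant unless another compliant
    link is better by more than ``hysteresis``, to avoid flapping.
    """
    sla = SLAS[app]
    compliant = [l for l in links if meets_sla(l, sla)]
    if compliant:
        score = lambda l: l.latency_ms + l.jitter_ms
        best = min(compliant, key=score)
        cur = next((l for l in compliant if l.name == current), None)
        if cur is not None and score(cur) <= (1 + hysteresis) * score(best):
            return cur.name, "steer"
        return best.name, "steer"
    least_bad = min(links, key=lambda l: sla_violation(l, sla))
    return least_bad.name, "remediate"


def demo():
    """Constructed probe windows: healthy MPLS, degraded internet, lone LTE."""
    mpls = LinkStats("mpls", [20, 21, 19, 22, 20], probes_sent=50, probes_lost=0)
    inet = LinkStats("inet", [60, 140, 35, 210, 90], probes_sent=50, probes_lost=3)
    lte = LinkStats("lte", [120, 180, 95, 260, 140], probes_sent=40, probes_lost=1)
    return {
        "dual_voice": select_path([mpls, inet], "voice"),
        "dual_bulk": select_path([mpls, inet], "bulk"),
        "single_voice": select_path([lte], "voice"),
        "single_bulk": select_path([lte], "bulk"),
    }


if __name__ == "__main__":
    for scenario, decision in demo().items():
        print(f"{scenario}: {decision}")
```

Running the block shows the dual-link branch keeping voice and bulk traffic on MPLS while the internet link is jittery and lossy, and the single-link kiosk steering bulk traffic over LTE but needing remediation for voice, because no alternate link exists to steer to.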
4. On-Premises, Cloud, and Hybrid Deployment Models
The term “Hybrid SD-WAN” is often associated with simply the underlying transport; for example, MPLS plus internet. In a broader sense, a Hybrid SD-WAN is not just a factor of the transport but also a factor of where the applications are. They could be in the cloud or on-premises. Some SD-WAN vendors deploy their solution completely on-premises, while others also have a presence in the cloud in gateways that can help optimize traffic. For example, rather than backhauling traffic from the branch to the data center to get to a cloud app, the traffic can go from the branch to the cloud gateway and then to the cloud app. This additional cloud node helps to optimize the experience with cloud apps.
5. Business Policies at Orchestration Level
Instead of configuring one box at a time, as is done in a traditional WAN, the IT administrator creates a template or business policy that combines quality of service (QoS), firewall and security rules, IP addressing, and so on. The template can then be pushed to thousands of sites. This is how features like cloud VPN are enabled: the policy is simply "enable cloud VPN", a checkbox in the user interface.
The business policy is truly business-context driven. There is no need to speak in packet-level language; the admin works in business constructs, for example marking an application as high, medium or low priority. The technology behind those constructs takes care of traffic prioritization and routing automatically.
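To make the template idea concrete, here is an added example (written for this article, not taken from any vendor's orchestrator) of how business-level intents are compiled into per-site, packet-level settings. The template format, the site inventory, the application names and the mapping from business priority to a forwarding class are assumptions; the DSCP code points used are the standard EF, AF31 and default values.

```python
"""Compile a business-level SD-WAN policy template into per-site settings.

Added example. One template, written in business terms (priority, which
apps may go straight to the internet, cloud VPN on or off), is rendered
for every site. Site-specific facts (addressing, available links) come
from the inventory, never from the template. All data is constructed."""
from itertools import combinations
from ipaddress import ip_network

# Business priority -> forwarding class and DSCP (mapping is an assumption;
# the code points themselves are the standard EF/AF31/default values).
PRIORITY_TO_DSCP = {"high": ("EF", 46), "medium": ("AF31", 26), "low": ("BE", 0)}

TEMPLATE = {  # assumed business policy, as an admin would author it
    "cloud_vpn": True,
    "apps": {
        "voip": {"priority": "high", "path": "any", "direct_internet": False},
        "erp": {"priority": "medium", "path": "private", "direct_internet": False},
        "saas_mail": {"priority": "medium", "path": "any", "direct_internet": True},
        "updates": {"priority": "low", "path": "any", "direct_internet": True},
    },
}

SITES = {  # assumed site inventory
    "branch-01": {"lan": "10.1.0.0/24", "links": ["mpls", "inet"]},
    "kiosk-07": {"lan": "10.7.0.0/24", "links": ["lte"]},
}


def overlapping_sites(sites):
    """Return sorted (site_a, site_b) pairs whose LAN prefixes overlap.

    Addressing is pushed out with the template, so a clash must be caught
    before rendering rather than discovered as a routing fault later.
    """
    clashes = []
    for a, b in combinations(sorted(sites), 2):
        if ip_network(sites[a]["lan"]).overlaps(ip_network(sites[b]["lan"])):
            clashes.append((a, b))
    return clashes


def render_site(site_name, site, template):
    """Turn the business template into concrete rules for one site."""
    has_private = "mpls" in site["links"]
    rules = []
    for app, intent in template["apps"].items():
        cls, dscp = PRIORITY_TO_DSCP[intent["priority"]]
        if intent["path"] == "private":
            # An app pinned to the private path can only use it where one
            # exists; otherwise it rides the overlay over whatever link is up.
            path = "mpls" if has_private else "overlay"
        else:
            path = "best-available"
        egress = "direct" if intent["direct_internet"] else "overlay"
        rules.append({"app": app, "class": cls, "dscp": dscp,
                      "path": path, "egress": egress})
    # Explicit catch-all so unclassified traffic never leaves the branch
    # directly; it is hauled over the overlay to where inspection happens.
    rules.append({"app": "*", "class": "BE", "dscp": 0,
                  "path": "overlay", "egress": "deny-direct"})
    return {"site": site_name, "lan": site["lan"],
            "cloud_vpn": template["cloud_vpn"], "rules": rules}


def render_all(template=TEMPLATE, sites=SITES):
    """Render the template for every site after validating addressing."""
    clashes = overlapping_sites(sites)
    if clashes:
        raise ValueError(f"overlapping LAN prefixes: {clashes}")
    return {name: render_site(name, spec, template) for name, spec in sites.items()}


if __name__ == "__main__":
    for name, cfg in render_all().items():
        print(name, cfg["lan"], "cloud_vpn" if cfg["cloud_vpn"] else "")
        for r in cfg["rules"]:
            print(f"  {r['app']:<10} {r['class']:<5} dscp={r['dscp']:<3} "
                  f"path={r['path']:<15} egress={r['egress']}")
```

The same template yields different concrete settings per site: the branch with MPLS pins ERP to the private path, while the LTE-only kiosk, which has no private path, carries ERP over the overlay tunnel instead. Rendering refuses to run at all if two sites' LAN prefixes overlap.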
6. Multi-Tenant Data, Control, and Orchestration Planes With Operational Independence
This is a key pillar of managed SD-WAN for service providers, who are large consumers of this technology. Multi-tenancy ensures proper segmentation between customers, which contributes to a secure environment. From the service provider's perspective, a single orchestrator simplifies ICOM (installation, configuration, operations and management) while still giving every customer its own instance of the WAN. What's more, a very large enterprise might act like a service provider internally, where different subsidiaries or divisions have their own policies and their own segments.
7. Traditional Protocol Support
Service providers and enterprises already have existing devices in their networks; for example, L3 switches and routers (ASR9k in the core). To insert or integrate a new SD-WAN into an existing environment, the solution must support the languages and protocols those devices understand, such as BGP and OSPF. Even though the SD-WAN overlay itself may be proprietary, integration with third-party hardware needs to be standards-based routing, and the routes an SD-WAN edge injects into the core should be filtered like those of any other routing peer.
Many enterprises want to ease into an SD-WAN implementation, and the chosen solution should support a gradual migration rather than a full rip-and-replace strategy. This is one reason why support for traditional protocols is important. The enterprise can start doing some things with SD-WAN and, as it grows comfortable, slowly replace routers and firewalls.
8. Pervasive Security at Branch, Data Center and Cloud
Security functions can be located wherever makes the most sense for the applications: at the branch, in the data center, or in the cloud. What's more, functions can be service-chained to build multiple levels of security; for example, traffic can be made to pass through both a firewall and a data loss prevention tool as it goes from a branch directly to the internet.
An enterprise that selects an SD-WAN solution supporting, at a minimum, the characteristics discussed above is well positioned to have a robust yet flexible architecture that can support the business's needs now and well into the future.